billthebest / opencryptoki Goto Github PK
View Code? Open in Web Editor NEWThis project forked from pandnp/opencryptoki
License: Other
This project forked from pandnp/opencryptoki
License: Other
opencryptoki README Package version 3.3 Please see NEWS for additional version 3 information. OVERVIEW openCryptoki version 3.1 implements the PKCS#11 specification version 2.11. This package includes several cryptographic tokens; CCA, ICA, TPM , SWToken, and ICSF. REQUIREMENTS: - IBM ICA requires libica library version 2.3.0 or higher for accessing ICA hardware crypto on IBM zSeries. - IBM CCA requires IBM XCrypto CEX3C card and the CEX3C host libraries and tools version 4.1. - TPM requires a TPM, TPM tools, and TCG software stack. - SWToken The software token uses OpenSSL version 0.9.7 or higher. - ICSF The Integrated Cryptographic Service Facility (ICSF) token requires openldap and opeldap client software version 2.4.23 or higher. Lex and Yacc are also required to build this token. - EP11 The EP11 token is a token that uses the IBM Crypto Express adapters (starting with Crypto Express 4S adapters) configured with Enterprise PKCS#11 (EP11) firmware. BUILD PROCESS The simplest way to compile this package is to enter the source code main directory and do the following: 1. Run the bootstrap.sh script by typing: % sh bootstrap.sh 2. Configure the source code by typing: % sh ./configure If you're planning to install the package into your home directory or to a location other than `/usr/local' then add the flag `--prefix=PATH' to `configure'. For example, if your home directory is `/home/luser' you can configure the package to install itself there by invoking: % sh ./configure --prefix=/home/luser If your stdll headers and libraries are not under any standard path, you will need to pass the paths to your files to the configure script. For instance: $ CPPFLAGS="-L/path/lib" LDFLAGS="-I/path/include" ./configure See ./configure --help for info on various options. The default behavior is to build a default token implicitly. For the s390 platform, the default token is ica_s390. For other platforms, the default token is the software token. Other tokens may be enabled using the corresponding --enable-<tok> configuration option provided the appropriate libraries are available. While running, `configure' prints some messages telling which features is it checking for. 3. Compile the package by typing: % make 4. Type `make install' to install the programs and any data files and documentation. During installation, the following files go to the following directories: /prefix/sbin/pkcsconf /prefix/sbin/pkcsslotd /prefix/sbin/pkcsicsf /prefix/libdir/libopencryptoki.so /prefix/libdir/libopencryptoki.so.0 /prefix/libdir/opencryptoki/libopencryptoki.so /prefix/libdir/opencryptoki/libopencryptoki.so.0 /prefix/libdir/opencryptoki/libopencryptoki.so.0.0.0 /prefix/var/lib/opencryptoki /prefix/etc/opencryptoki/opencryptoki.conf Token objects, which may be optionally built, go to the following locations: /prefix/libdir/opencryptoki/stdll/libpkcs11_ica.so /prefix/libdir/opencryptoki/stdll/libpkcs11_ica.so.0 /prefix/libdir/opencryptoki/stdll/libpkcs11_ica.so.0.0.0 /prefix/libdir/opencryptoki/stdll/libpkcs11_sw.so /prefix/libdir/opencryptoki/stdll/libpkcs11_sw.so.0 /prefix/libdir/opencryptoki/stdll/libpkcs11_sw.so.0.0.0 /prefix/libdir/opencryptoki/stdll/libpkcs11_tpm.so /prefix/libdir/opencryptoki/stdll/libpkcs11_tpm.so.0 /prefix/libdir/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0 where `prefix' is either `/usr/local' or the PATH that you specified in the `--prefix' flag. `libdir' is the name of the library directory; for 32-bit libraries it is usually `lib' and for 64-bit libraries it is usually `lib64'. To maintain backwards compatibility, some additional symlinks are generated (note that these are deprecated, and applications should migrate to use the LSB-compliant names and locations for libraries and executables): /prefix/lib/opencryptoki/PKCS11_API.so - Symlink to /prefix/lib/opencryptoki/libopencryptoki.so /prefix/lib/opencryptoki/stdll/PKCS11_ICA.so - Symlink to /prefix/lib/opencryptoki/stdll/libpkcs11_ica.so /prefix/lib/opencryptoki/stdll/PKCS11_SW.so - Symlink to /prefix/lib/opencryptoki/stdll/libpkcs11_sw.so /prefix/lib/pkcs11/PKCS11_API.so - Symlink to /prefix/lib/opencryptoki/libopencryptoki.so /prefix/lib/pkcs11 - Directory created if non-existent /prefix/lib/pkcs11/methods - Symlink to /prefix/sbin /prefix/lib/pkcs11/stdll - Symlink to /prefix/lib/opencryptoki/stdll /prefix/etc/pkcs11 - Symlink to /prefix/var/lib/opencryptoki If any of these directories do not presently exist, they will be created on demand. Note that if ``prefix'' is ``/usr'', then /prefix/var and /prefix/etc resolve to /var and /etc. On the ``make install'' stage, if content exists in the old /prefix/etc/pkcs11 directory, it will be migrated to the new /prefix/var/lib/opencryptoki location. If you are installing in your home directory make sure that `/home/luser/bin' is in your path. If you're using the bash shell add this line at the end of your .cshrc file: PATH="/home/luser/bin:${PATH}" export PATH If you are using csh or tcsh, then use this line instead: setenv PATH /home/luser/bin:${PATH} By prepending your home directory to the rest of the PATH you can override systemwide installed software with your own custom installation. CONFIGURATION See: http://www-128.ibm.com/developerworks/security/library/s-pkcs/index.html openCryptoki defaults to be usable by anyone who is in the group ``pkcs11''. You may need to add the pkcs11 group before using. % groupadd pkcs11 Add root to the pkcs11 group. % usermod -G pkcs11 root Prior to version 3, opencryptoki used pk_config_data as its configuration file. This file was created upon running pkcs11_startup. In version 3, pkcs11_startup and pk_config_data have been removed and replaced with a customizeable config file named, opencryptoki.conf. It contains an entry for each token currently supported by opencryptoki. However, only those tokens, whose hardware and software requirements are available on the local system, will show up as present and available upon running the pkcsconf -t command. Before using, each token must be first initialized. You can select the token with the -c command line option; refer to the documentation linked to above for further instructions. Initialize a particular token by running pkcsconf: % pkcsconf -I -c In this version of openCrypoki, the default SO PIN is 87654321. This should be changed to a different PIN value before use. You can change the SO PIN by running pkcsconf: % pkcsconf -P -c You can initialize and change the user PIN by typing: % pkcsconf -u -c You can later change the user PIN again by typing: % pkcsconf -p -c
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.